Fix for bug 2283 (RVCT 4.0 support is missing from PDK 3.0.h)
Have multiple extension sections in the bld.inf, one for each version
of the compiler. The RVCT version building the tools will build the
runtime libraries for its version, but make sure we extract all the other
versions from zip archives. Also add the archive for RVCT4.
// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of the License "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// e32test\secure\t_capsup.cpp
// Overview:
// Test support of platform security capabilities.
// API Information:
// TCapabilitySet, TSecurityInfo, TSecurityPolicy and various other methods.
// Details:
// - Verify the enumeration of each of the capability names.
// - Test the TCapabilitySet class methods by setting and checking various
// capabilities. Verify results are as expected.
// - Test the TSecurityInfo class methods and verify results.
// - Test the RProcess, RThread and RMessage2 SecureId() methods along with
// User::CreatorSecureId(). Verify results are as expected.
// - Test the RProcess, RThread and RMessage2 VendorId() methods along with
// User::CreatorVendorId(). Verify results are as expected.
// - Test the RProcess, RThread and RMessage2 HasCapability() methods along
// with User::CreatorHasCapability(). Verify results are as expected.
// - Test TSecurityPolicy constructors including macros for compile-time
// construction. Verify results are as expected.
// - Test kernel APIs. Verify results are as expected.
// - Test setting KernelConfigFlags. Ensure that, if __PLATSEC_UNLOCKED__
// is not set, the PlatSec flags cannot be unset.
// - Test the use of platform security diagnostic strings.
// Platforms/Drives/Compatibility:
// All.
// Assumptions/Requirement/Pre-requisites:
// Failures and causes:
// Base Port information:
//
//
#define __INCLUDE_CAPABILITY_NAMES__
#define __E32TEST_EXTENSION__
#include <e32cmn.h>
#include <e32cmn_private.h>
#include <u32exec.h>
#include <e32test.h>
#include <e32def.h>
#include <e32def_private.h>
#include "d_sldd.h"
TBool PlatSecEnforcement;
_LIT_SECURE_ID(KTestSecureId,0x101f534d);
_LIT_SECURE_ID(KTestSecureId2,0x101f534e);
_LIT_VENDOR_ID(KTestVendorId,0x01234567);
_LIT_VENDOR_ID(KTestVendorId2,0x01234568);
const TUint32 KTestCapabilities =(1<<ECapabilityTCB)
|(1<<ECapabilityPowerMgmt)
|(1<<ECapabilityReadDeviceData)
|(1<<ECapabilityDRM)
|(1<<ECapabilityProtServ)
|(1<<ECapabilityNetworkControl)
|(1<<ECapabilitySwEvent)
|(1<<ECapabilityLocalServices)
|(1<<ECapabilityWriteUserData)
|(1<<ECapabilitySurroundingsDD);
LOCAL_D RTest test(_L("T_CAPSUP"));
enum TTestProcessFunctions
{
ETestProcessServer,
};
#include "testprocess.h"
TInt StartServer();
TInt DoTestProcess(TInt aTestNum,TInt aArg1,TInt aArg2)
{
(void)aArg1;
(void)aArg2;
switch(aTestNum)
{
case ETestProcessServer:
return StartServer();
default:
User::Panic(_L("T_CAPSUP"),1);
}
return KErrNone;
}
//
// RTestThread
//
class RTestThread : public RThread
{
public:
void Create(TThreadFunction aFunction,TAny* aArg=0);
};
void RTestThread::Create(TThreadFunction aFunction,TAny* aArg)
{
TInt r=RThread::Create(_L(""),aFunction,KDefaultStackSize,KDefaultStackSize,KDefaultStackSize,aArg);
test(r==KErrNone);
}
//
// CTestSession
//
class CTestSession : public CSession2
{
public:
enum {EShutdown,
ETestProcessSecurityInfo,ETestThreadSecurityInfo,ETestMessageSecurityInfo,ETestCreatorSecurityInfo,
ETestProcessSecureId,ETestThreadSecureId,ETestMessageSecureId,ETestCreatorSecureId,
ETestProcessVendorId,ETestThreadVendorId,ETestMessageVendorId,ETestCreatorVendorId,
ETestProcessHasCapability1,ETestProcessHasCapability2,
ETestThreadHasCapability1,ETestThreadHasCapability2,
ETestMessageHasCapability1,ETestMessageHasCapability2,
ETestMessageHasCapabilityL1,ETestMessageHasCapabilityL2,
ETestCreatorHasCapability1,ETestCreatorHasCapability2,
ETestSecurityPolicyAgainstMessage,
ETestSecurityPolicyAgainstCreator
};
enum {EPolicyCheckPassed = 15, EPolicyCheckFailed = 16};
public:
CTestSession();
virtual void ServiceL(const RMessage2& aMessage);
public:
};
CTestSession::CTestSession()
: CSession2()
{}
void CTestSession::ServiceL(const RMessage2& aMessage)
{
const RMessagePtr2 m(aMessage);
switch (aMessage.Function())
{
case CTestSession::ETestProcessSecureId:
{
RProcess process;
TInt r=process.Open(aMessage.Int0());
if(r==KErrNone)
{
r = process.SecureId();
process.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestThreadSecureId:
{
RThread thread;
TInt r=thread.Open(aMessage.Int0());
if(r==KErrNone)
{
r = thread.SecureId();
thread.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestMessageSecureId:
{
TInt32 id = m.SecureId();
m.Complete(id);
}
break;
case CTestSession::ETestCreatorSecureId:
{
m.Complete(User::CreatorSecureId());
}
break;
case CTestSession::ETestProcessVendorId:
{
RProcess process;
TInt r=process.Open(aMessage.Int0());
if(r==KErrNone)
{
r = process.VendorId();
process.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestThreadVendorId:
{
RThread thread;
TInt r=thread.Open(aMessage.Int0());
if(r==KErrNone)
{
r = thread.VendorId();
thread.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestMessageVendorId:
{
TInt32 id = m.VendorId();
m.Complete(id);
}
break;
case CTestSession::ETestCreatorVendorId:
{
m.Complete(User::CreatorVendorId());
}
break;
case CTestSession::ETestProcessSecurityInfo:
{
RProcess process;
TInt r=process.Open(aMessage.Int0());
if(r==KErrNone)
{
TSecurityInfo info;
info.Set(process);
r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
process.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestThreadSecurityInfo:
{
RThread thread;
TInt r=thread.Open(aMessage.Int0());
if(r==KErrNone)
{
TSecurityInfo info;
info.Set(thread);
r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
thread.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestMessageSecurityInfo:
{
TSecurityInfo info;
info.Set(m);
TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
m.Complete(r);
}
break;
case CTestSession::ETestCreatorSecurityInfo:
{
TSecurityInfo info;
info.SetToCreatorInfo();
TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
m.Complete(r);
}
break;
case CTestSession::ETestProcessHasCapability1:
{
RProcess process;
TInt r=process.Open(aMessage.Int0());
if(r==KErrNone)
{
r = process.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability1"));
process.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestProcessHasCapability2:
{
RProcess process;
TInt r=process.Open(aMessage.Int0());
if(r==KErrNone)
{
r = process.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability2"));
process.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestThreadHasCapability1:
{
RThread thread;
TInt r=thread.Open(aMessage.Int0());
if(r==KErrNone)
{
r = thread.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability1"));
thread.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestThreadHasCapability2:
{
RThread thread;
TInt r=thread.Open(aMessage.Int0());
if(r==KErrNone)
{
r = thread.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability2"));
thread.Close();
}
else
r = KErrGeneral;
m.Complete(r);
}
break;
case CTestSession::ETestMessageHasCapability1:
{
TInt r = m.HasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability1"));
m.Complete(r);
}
break;
case CTestSession::ETestMessageHasCapabilityL1:
{
TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL1")))
m.Complete(r);
}
break;
case CTestSession::ETestMessageHasCapability2:
{
TInt r = m.HasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability2"));
m.Complete(r);
}
break;
case CTestSession::ETestMessageHasCapabilityL2:
{
TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL2")))
m.Complete(r);
}
break;
case CTestSession::ETestCreatorHasCapability1:
{
TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability1"));
m.Complete(r);
}
break;
case CTestSession::ETestCreatorHasCapability2:
{
TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability2"));
m.Complete(r);
}
break;
case CTestSession::ETestSecurityPolicyAgainstMessage:
{
TBuf8<sizeof(TSecurityPolicy)> buf(0);
TInt len = m.GetDesLength(0);
TInt r = KErrArgument;
if(len>0 && len <=buf.MaxSize())
{
r = m.Read(0, buf, 0);
if(r==KErrNone)
{
TSecurityPolicy policy;
r = policy.Set(buf);
if(r == KErrNone)
{
r = policy.CheckPolicy(m, __PLATSEC_DIAGNOSTIC_STRING("Testing message against policy -- sample additional diagnostic."));
if(r)
r = EPolicyCheckPassed;
else
r = EPolicyCheckFailed;
}
}
}
m.Complete(r);
break;
}
case CTestSession::ETestSecurityPolicyAgainstCreator:
{
TBuf8<sizeof(TSecurityPolicy)> buf(0);
TInt len = m.GetDesLength(0);
TInt r = KErrArgument;
if(len>0 && len <=buf.MaxSize())
{
r = m.Read(0, buf, 0);
if(r==KErrNone)
{
TSecurityPolicy policy;
r = policy.Set(buf);
if(r == KErrNone)
{
r = policy.CheckPolicyCreator(__PLATSEC_DIAGNOSTIC_STRING("Testing creator against policy -- sample additional diagnostic."));
if(r)
r = EPolicyCheckPassed;
else
r = EPolicyCheckFailed;
}
}
}
m.Complete(r);
break;
}
case CTestSession::EShutdown:
CActiveScheduler::Stop();
break;
default:
m.Complete(KErrNotSupported);
break;
}
}
//
// CTestServer
//
class CTestServer : public CServer2
{
public:
CTestServer(TInt aPriority);
virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMessage) const;
};
CTestServer::CTestServer(TInt aPriority)
: CServer2(aPriority)
{
}
CSession2* CTestServer::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMessage*/) const
{
return new (ELeave) CTestSession();
}
//
// CTestActiveScheduler
//
class CTestActiveScheduler : public CActiveScheduler
{
public:
virtual void Error(TInt anError) const;
};
void CTestActiveScheduler::Error(TInt anError) const
{
User::Panic(_L("TestServer Error"),anError);
}
//
// Server thread
//
_LIT(KServerName,"T_CAPSUP-server");
const TInt KServerRendezvous = KRequestPending+1;
void DoStartServer()
{
CTestActiveScheduler* activeScheduler = new (ELeave) CTestActiveScheduler;
CActiveScheduler::Install(activeScheduler);
CleanupStack::PushL(activeScheduler);
CTestServer* server = new (ELeave) CTestServer(0);
CleanupStack::PushL(server);
User::LeaveIfError(server->Start(KServerName));
RProcess::Rendezvous(KServerRendezvous);
CActiveScheduler::Start();
CleanupStack::PopAndDestroy(2);
}
TInt StartServer()
{
CTrapCleanup* cleanupStack = CTrapCleanup::New();
if(!cleanupStack)
return KErrNoMemory;
TRAPD(leaveError,DoStartServer())
delete cleanupStack;
return leaveError;
}
//
// RTestSession
//
class RTestSession : public RSessionBase
{
public:
inline TInt Connect()
{ return CreateSession(KServerName,TVersion());}
inline TInt Send(TInt aFunction)
{ return RSessionBase::SendReceive(aFunction); }
inline TInt Send(TInt aFunction,const TIpcArgs& aArgs)
{ return RSessionBase::SendReceive(aFunction,aArgs); }
inline void Send(TInt aFunction,TRequestStatus& aStatus)
{ RSessionBase::SendReceive(aFunction,aStatus); }
inline void Send(TInt aFunction,const TIpcArgs& aArgs,TRequestStatus& aStatus)
{ RSessionBase::SendReceive(aFunction,aArgs,aStatus); }
};
RTestSession Session;
void CheckCapabilitySetEqual(const TCapabilitySet& a1,const TCapabilitySet& a2)
{
TInt i;
for(i=0; i<ECapability_Limit; i++)
test((!a1.HasCapability((TCapability)i))==(!a2.HasCapability((TCapability)i)));
}
void TestCapabilitySet()
{
TCapabilitySet s;
TCapabilitySet all;
TCapabilitySet empty;
TInt i,j,k;
test.Start(_L("Each test stage also implicity tests HasCapability()"));
test.Next(_L("Test SetEmpty()"));
memset(&empty,-1,sizeof(empty));
empty.SetEmpty();
for(i=0; i<ECapability_HardLimit; i++)
test(!empty.HasCapability((TCapability)i));
// test memory cleared - assumes knowledge of internal representation
for(i=0; i<(TInt)sizeof(empty); ++i)
test(((TUint8*)&empty)[i] == 0);
test.Next(_L("Test SetAllSupported()"));
all.SetAllSupported();
// This code makes the assumption that there are no gaps in the TCapability enumeration
for(i=0; i<ECapability_Limit; i++)
test(all.HasCapability((TCapability)i));
for(; i<ECapability_HardLimit; i++)
test(!all.HasCapability((TCapability)i));
test.Next(_L("Test Set(TCapability)"));
for(j=-2; j<ECapability_HardLimit; j++)
{
if(j&1)
s.SetAllSupported();
else
s.SetEmpty();
s.Set((TCapability)j);
for(i=0; i<=ECapability_HardLimit; i++)
{
if(i==j)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
else
test(!s.HasCapability((TCapability)i));
}
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
test.Next(_L("Test Set(TCapability,TCapability)"));
for(k=-2; k<ECapability_HardLimit; k++)
{
for(j=-2; j<ECapability_HardLimit; j++)
{
if((j^k)&1)
s.SetAllSupported();
else
s.SetEmpty();
s.Set((TCapability)j,(TCapability)k);
for(i=0; i<=ECapability_HardLimit; i++)
{
if(i==j || i==k)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
else
test(!s.HasCapability((TCapability)i));
}
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
}
test.Next(_L("Test TCapability(TCapability)"));
for(j=-2; j<ECapability_HardLimit; j++)
{
TCapabilitySet t((TCapability)j);
for(i=0; i<=ECapability_HardLimit; i++)
{
if(i==j)
test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
else
test(!t.HasCapability((TCapability)i));
}
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
test.Next(_L("Test TCapability(TCapability,TCapability)"));
for(k=-2; k<ECapability_HardLimit; k++)
{
for(j=-2; j<ECapability_HardLimit; j++)
{
TCapabilitySet t((TCapability)j,(TCapability)k);
for(i=0; i<=ECapability_HardLimit; i++)
{
if(i==j || i==k)
test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
else
test(!t.HasCapability((TCapability)i));
}
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
}
test.Next(_L("Test AddCapability(TCapability)"));
s.SetEmpty();
for(j=-2; j<ECapability_HardLimit; j++) // Add each capability in sequence
{
s.AddCapability((TCapability)j);
for(i=0; i<=j; i++)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
for(; i<ECapability_HardLimit; i++)
test(!s.HasCapability((TCapability)i));
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
s.SetEmpty();
for(j=ECapability_HardLimit-1; j>=-2; j--) // Add each capability in reverse sequence
{
s.AddCapability((TCapability)j);
for(i=ECapability_HardLimit-1; i>=j && i>=0; i--)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
for(; i>=0; i--)
test(!s.HasCapability((TCapability)i));
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
test.Next(_L("Test RemoveCapability(TCapability)"));
s.SetAllSupported();
for(j=-2; j<ECapability_HardLimit; j++) // Remove each capability in sequence
{
s.RemoveCapability((TCapability)j);
for(i=0; i<=j; i++)
test(!s.HasCapability((TCapability)i));
for(; i<ECapability_HardLimit; i++)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
s.SetAllSupported();
for(j=ECapability_HardLimit-1; j>=-2; j--) // Remove each capability reverse sequence
{
s.RemoveCapability((TCapability)j);
for(i=ECapability_HardLimit-1; i>=j && i >=0; i--)
test(!s.HasCapability((TCapability)i));
for(; i>=0; i--)
test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
test(!s.HasCapability(ECapability_Denied));
test(s.HasCapability(ECapability_None));
}
test.Next(_L("Building test sets"));
TCapabilitySet even;
even.SetEmpty();
for(i=0; i<ECapability_Limit; i+=2) even.AddCapability((TCapability)i);
TCapabilitySet odd;
odd.SetEmpty();
for(i=1; i<ECapability_Limit; i+=2) odd.AddCapability((TCapability)i);
test.Next(_L("Test Union(TCapabilitySet)"));
s.SetEmpty();
CheckCapabilitySetEqual(s,empty);
s.Union(odd);
CheckCapabilitySetEqual(s,odd);
s.Union(odd);
CheckCapabilitySetEqual(s,odd);
s.Union(empty);
CheckCapabilitySetEqual(s,odd);
s.Union(even);
CheckCapabilitySetEqual(s,all);
s.Union(even);
CheckCapabilitySetEqual(s,all);
s.SetEmpty();
CheckCapabilitySetEqual(s,empty);
s.Union(even);
CheckCapabilitySetEqual(s,even);
s.Union(even);
CheckCapabilitySetEqual(s,even);
s.Union(empty);
CheckCapabilitySetEqual(s,even);
s.Union(odd);
CheckCapabilitySetEqual(s,all);
s.Union(odd);
CheckCapabilitySetEqual(s,all);
test.Next(_L("Test Intersection(TCapabilitySet)"));
s.SetAllSupported();
CheckCapabilitySetEqual(s,all);
s.Intersection(odd);
CheckCapabilitySetEqual(s,odd);
s.Intersection(odd);
CheckCapabilitySetEqual(s,odd);
s.Intersection(even);
CheckCapabilitySetEqual(s,empty);
s.Intersection(even);
CheckCapabilitySetEqual(s,empty);
s.SetAllSupported();
CheckCapabilitySetEqual(s,all);
s.Intersection(even);
CheckCapabilitySetEqual(s,even);
s.Intersection(even);
CheckCapabilitySetEqual(s,even);
s.Intersection(odd);
CheckCapabilitySetEqual(s,empty);
s.Intersection(odd);
CheckCapabilitySetEqual(s,empty);
test.Next(_L("Test Remove(TCapabilitySet)"));
s.SetAllSupported();
CheckCapabilitySetEqual(s,all);
s.Remove(odd);
CheckCapabilitySetEqual(s,even);
s.Remove(odd);
CheckCapabilitySetEqual(s,even);
s.Remove(empty);
CheckCapabilitySetEqual(s,even);
s.Remove(even);
CheckCapabilitySetEqual(s,empty);
s.Remove(even);
CheckCapabilitySetEqual(s,empty);
s.SetAllSupported();
CheckCapabilitySetEqual(s,all);
s.Remove(even);
CheckCapabilitySetEqual(s,odd);
s.Remove(even);
CheckCapabilitySetEqual(s,odd);
s.Remove(empty);
CheckCapabilitySetEqual(s,odd);
s.Remove(odd);
CheckCapabilitySetEqual(s,empty);
s.Remove(odd);
CheckCapabilitySetEqual(s,empty);
test.Next(_L("Test HasCapabilities(TCapabilitySet)"));
for(i=0; i<ECapability_Limit; i++)
{
if(!all.HasCapability((TCapability)i))
continue;
TCapabilitySet t((TCapability)i);
test(t.HasCapabilities(t));
test(all.HasCapabilities(t));
test(!empty.HasCapabilities(t));
if(i&1)
{
test(odd.HasCapabilities(t));
test(!even.HasCapabilities(t));
}
else
{
test(!odd.HasCapabilities(t));
test(even.HasCapabilities(t));
}
test(!t.HasCapabilities(all));
test(!t.HasCapabilities(even));
test(!t.HasCapabilities(odd));
test(t.HasCapabilities(empty));
}
test(all.HasCapabilities(all));
test(all.HasCapabilities(even));
test(all.HasCapabilities(odd));
test(all.HasCapabilities(empty));
test(!even.HasCapabilities(all));
test(even.HasCapabilities(even));
test(!even.HasCapabilities(odd));
test(even.HasCapabilities(empty));
test(!odd.HasCapabilities(all));
test(!odd.HasCapabilities(even));
test(odd.HasCapabilities(odd));
test(odd.HasCapabilities(empty));
test(!empty.HasCapabilities(all));
test(!empty.HasCapabilities(even));
test(!empty.HasCapabilities(odd));
test(empty.HasCapabilities(empty));
test.End();
}
void CheckSecurityInfo(const TSecurityInfo& a1,const TSecurityInfo& a2)
{
test(a1.iSecureId==a2.iSecureId);
test(a1.iVendorId==a2.iVendorId);
TInt i;
for(i=0; i<ECapability_Limit; i++)
test((!a1.iCaps.HasCapability((TCapability)i))==(!a2.iCaps.HasCapability((TCapability)i)));
}
void TestSecurityInfo()
{
TSecurityInfo self;
TSecurityInfo info;
TPckg<TSecurityInfo> infoPtr(info);
TInt i;
test.Start(_L("Test TSecurityInfo::SetToCurrentInfo"));
self.SetToCurrentInfo();
test(self.iSecureId==KTestSecureId);
test(self.iVendorId==KTestVendorId);
for(i=0; i<ECapability_Limit; i++)
test((TUint32)(self.iCaps.HasCapability((TCapability)i)!=0)==((KTestCapabilities>>i)&1));
test.Next(_L("Test TSecurityInfo::Set(RProcess)"));
Mem::FillZ(&info,sizeof(info));
TInt32 r = Session.Send(CTestSession::ETestProcessSecurityInfo,TIpcArgs(TUint(RProcess().Id()),&infoPtr));
test(r==KErrNone);
CheckSecurityInfo(self,info);
test.Next(_L("Test TSecurityInfo::Set(RThread)"));
Mem::FillZ(&info,sizeof(info));
r = Session.Send(CTestSession::ETestThreadSecurityInfo,TIpcArgs(TUint(RThread().Id()),&infoPtr));
test(r==KErrNone);
CheckSecurityInfo(self,info);
test.Next(_L("Test TSecurityInfo::Set(RMessagePtr2)"));
Mem::FillZ(&info,sizeof(info));
r = Session.Send(CTestSession::ETestMessageSecurityInfo,TIpcArgs(&infoPtr));
test(r==KErrNone);
CheckSecurityInfo(self,info);
test.Next(_L("Test TSecurityInfo::SetToCreatorInfo"));
Mem::FillZ(&info,sizeof(info));
r = Session.Send(CTestSession::ETestCreatorSecurityInfo,TIpcArgs(&infoPtr));
test(r==KErrNone);
CheckSecurityInfo(self,info);
test.End();
}
void TestSecureId()
{
test.Start(_L("Test RProcess::SecureId()"));
TInt r = Session.Send(CTestSession::ETestProcessSecureId,TIpcArgs(TUint(RProcess().Id())));
test((TUint32)r==KTestSecureId);
test.Next(_L("Test RThread::SecureId()"));
r = Session.Send(CTestSession::ETestThreadSecureId,TIpcArgs(TUint(RThread().Id())));
test((TUint32)r==KTestSecureId);
test.Next(_L("Test RMessage2::SecureId()"));
r = Session.Send(CTestSession::ETestMessageSecureId);
test((TUint32)r==KTestSecureId);
test.Next(_L("Test User::CreatorSecureId()"));
r = Session.Send(CTestSession::ETestCreatorSecureId);
test((TUint32)r==KTestSecureId);
test.End();
}
void TestVendorId()
{
test.Start(_L("Test RProcess::VendorId()"));
TInt r = Session.Send(CTestSession::ETestProcessVendorId,TIpcArgs(TUint(RProcess().Id())));
test((TUint32)r==KTestVendorId);
test.Next(_L("Test RThread::VendorId()"));
r = Session.Send(CTestSession::ETestThreadVendorId,TIpcArgs(TUint(RThread().Id())));
test((TUint32)r==KTestVendorId);
test.Next(_L("Test RMessage2::VendorId()"));
r = Session.Send(CTestSession::ETestMessageVendorId);
test((TUint32)r==KTestVendorId);
test.Next(_L("Test User::CreatorVendorId()"));
r = Session.Send(CTestSession::ETestCreatorVendorId);
test((TUint32)r==KTestVendorId);
test.End();
}
void TestHasCapability()
{
TInt failResult=PlatSecEnforcement ? 0 : 1;
TInt failResultL=PlatSecEnforcement ? KErrPermissionDenied : KErrNone;
test.Start(_L("Test RProcess::HasCapability(TCapability)"));
TInt r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices));
test(r);
r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices));
test(r==failResult);
r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_None));
test(r);
r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied));
test(r==failResult);
test.Next(_L("Test RProcess::HasCapability(TCapability,TCapability)"));
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_None,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied,ECapabilityWriteUserData));
test(r==failResult);
test.Next(_L("Test RThread::HasCapability(TCapability)"));
r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices));
test(r);
r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices));
test(r==failResult);
r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_None));
test(r);
r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_Denied));
test(r==failResult);
test.Next(_L("Test RThread::HasCapability(TCapability,TCapability)"));
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_None,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_Denied,ECapabilityWriteUserData));
test(r==failResult);
test.Next(_L("Test RMessagePtr2::HasCapability(TCapability)"));
r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityLocalServices));
test(r);
r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityNetworkServices));
test(r==failResult);
r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_None));
test(r);
r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_Denied));
test(r==failResult);
test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability)"));
r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityLocalServices));
test(r==KErrNone);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityNetworkServices));
test(r==failResultL);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_None));
test(r==KErrNone);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_Denied));
test(r==failResultL);
test.Next(_L("Test RMessagePtr2::HasCapability(TCapability,TCapability)"));
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
test(r==failResult);
test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability,TCapability)"));
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
test(r==KErrNone);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
test(r==failResultL);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
test(r==failResultL);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
test(r==failResultL);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
test(r==KErrNone);
r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
test(r==failResultL);
test.Next(_L("Test User::CreatorHasCapability(TCapability)"));
r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityLocalServices));
test(r);
r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityNetworkServices));
test(r==failResult);
r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_None));
test(r);
r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_Denied));
test(r==failResult);
test.Next(_L("Test User::CreatorHasCapability(TCapability,TCapability)"));
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
test(r==failResult);
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
test(r);
r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
test(r==failResult);
test.End();
}
TBool SecurityPoliciesEqual(const TSecurityPolicy& a,const TSecurityPolicy& b)
{
return Mem::Compare((TUint8*)&a, sizeof(TSecurityPolicy), (TUint8*)&b, sizeof(TSecurityPolicy))==0;
}
void TestSecurityPolicy()
{
test.Start(_L("Test TSecurityPolicy Constructors"));
TBool failResult=!PlatSecEnforcement;
test.Next(_L("Empty Constructor"));
{
TSecurityPolicy empty;
TPtrC8 ptr = empty.Package();
TSecurityPolicy empty2;
test(empty2.Set(ptr) == KErrNone);
test(SecurityPoliciesEqual(empty, empty2));
test(failResult!=!empty.CheckPolicy(RProcess()));
test(failResult!=!empty.CheckPolicy(RThread()));
test(failResult!=!empty2.CheckPolicy(RProcess()));
test(failResult!=!empty2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
test.Next(_L("Always Fail Constructor"));
{
TSecurityPolicy fail(TSecurityPolicy::EAlwaysFail);
TPtrC8 ptr = fail.Package();
TSecurityPolicy fail2;
test(fail2.Set(ptr) == KErrNone);
test(SecurityPoliciesEqual(fail, fail2));
test(failResult!=!fail.CheckPolicy(RProcess()));
test(failResult!=!fail.CheckPolicy(RThread()));
test(failResult!=!fail2.CheckPolicy(RProcess()));
test(failResult!=!fail2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
test.Next(_L("Always Pass Constructor"));
{
TSecurityPolicy pass(TSecurityPolicy::EAlwaysPass);
TPtrC8 ptr = pass.Package();
TSecurityPolicy pass2;
test(pass2.Set(ptr) == KErrNone);
test(SecurityPoliciesEqual(pass, pass2));
test(pass.CheckPolicy(RProcess()));
test(pass.CheckPolicy(RThread()));
test(pass2.CheckPolicy(RProcess()));
test(pass2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
test.Next(_L("3 Capability Constructor"));
{
TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityDRM,ECapabilityProtServ);
//Current process has these three
test(threeCaps.CheckPolicy(RProcess()));
test(threeCaps.CheckPolicy(RThread()));
TPtrC8 ptr = threeCaps.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityProtServ,ECapabilityCommDD);
//Current process doesn't have ECapabilityCommDD
test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
test(failResult!=!(threeCaps.CheckPolicy(RThread())));
TPtrC8 ptr = threeCaps.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy threeCaps(ECapabilityCommDD);
//Current process doesn't have ECapabilityCommDD
test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
test(failResult!=!(threeCaps.CheckPolicy(RThread())));
TPtrC8 ptr = threeCaps.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy threeCaps(ECapabilityTCB);
//Current process has TCB + 2 * ECapability_None
test(threeCaps.CheckPolicy(RProcess()));
test(threeCaps.CheckPolicy(RThread()));
TPtrC8 ptr = threeCaps.Package();
TSecurityPolicy threeCaps2;
TBuf8<sizeof(TSecurityPolicy)> invalid;
for(TInt i=4; i<=7; i++)
{
invalid=ptr;
invalid[i] = 0; // Set unused capability to be invalid
test(threeCaps2.Set(invalid)==KErrArgument);
}
test(threeCaps2.Set(ptr)==KErrNone);
test(SecurityPoliciesEqual(threeCaps, threeCaps2));
test(threeCaps2.CheckPolicy(RProcess()));
test(threeCaps2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
test.Next(_L("7 Capability Constructor"));
{
TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilitySwEvent,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
//Current process has all 7 of these.
test(sevenCaps.CheckPolicy(RProcess()));
test(sevenCaps.CheckPolicy(RThread()));
TPtrC8 ptr = sevenCaps.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
//Current process doesn't have MultimediaDD
test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
TPtrC8 ptr = sevenCaps.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityTrustedUI,ECapabilityDRM,ECapabilityReadDeviceData);
//Current process doesn't have MultiMediaDD or TrustedUI
test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
TPtrC8 ptr = sevenCaps.Package();
TSecurityPolicy sevenCaps2;
test(sevenCaps2.Set(ptr)==KErrNone);
test(SecurityPoliciesEqual(sevenCaps,sevenCaps2));
test(failResult!=!(sevenCaps2.CheckPolicy(RProcess())));
test(failResult!=!(sevenCaps2.CheckPolicy(RThread())));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
}
test.Next(_L("SID + 3 constructor"));
{
TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
//Current process has all three + sid
test(sid.CheckPolicy(RProcess()));
test(sid.CheckPolicy(RThread()));
TPtrC8 ptr = sid.Package();
TSecurityPolicy sid2;
test(sid2.Set(ptr)==KErrNone);
test(SecurityPoliciesEqual(sid,sid2));
test(sid2.CheckPolicy(RProcess()));
test(sid2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
//Current process has all three caps but not sid
test(failResult!=!(sid.CheckPolicy(RProcess())));
test(failResult!=!(sid.CheckPolicy(RThread())));
TPtrC8 ptr = sid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityWriteDeviceData);
//Current process has sid but missing ECapabilityWriteDeviceData
test(failResult!=!(sid.CheckPolicy(RProcess())));
test(failResult!=!(sid.CheckPolicy(RThread())));
TPtrC8 ptr = sid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
//Current process is missing sid and ECapabilityWriteDeviceData
test(failResult!=!(sid.CheckPolicy(RProcess())));
test(failResult!=!(sid.CheckPolicy(RThread())));
TPtrC8 ptr = sid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
test.Next(_L("VID + 3 constructor"));
{
TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
//Current process has all three + vid
test(vid.CheckPolicy(RProcess()));
test(vid.CheckPolicy(RThread()));
TPtrC8 ptr = vid.Package();
TSecurityPolicy vid2;
test(vid2.Set(ptr)==KErrNone);
test(SecurityPoliciesEqual(vid,vid2));
test(vid2.CheckPolicy(RProcess()));
test(vid2.CheckPolicy(RThread()));
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
//Current process has all three caps but not vid
test(failResult!=!(vid.CheckPolicy(RProcess())));
test(failResult!=!(vid.CheckPolicy(RThread())));
TPtrC8 ptr = vid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityWriteDeviceData);
//Current process has vid but missing ECapabilityWriteDeviceData
test(failResult!=!(vid.CheckPolicy(RProcess())));
test(failResult!=!(vid.CheckPolicy(RThread())));
TPtrC8 ptr = vid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
{
TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
//Current process is missing vid and ECapabilityWriteDeviceData
test(failResult!=!(vid.CheckPolicy(RProcess())));
test(failResult!=!(vid.CheckPolicy(RThread())));
TPtrC8 ptr = vid.Package();
TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
}
test.Next(_L("Macros for compile-time construction"));
{
static _LIT_SECURITY_POLICY_C7(pc7,1,2,3,4,5,6,7);
static _LIT_SECURITY_POLICY_C6(pc6,1,2,3,4,5,6);
static _LIT_SECURITY_POLICY_C5(pc5,1,2,3,4,5);
static _LIT_SECURITY_POLICY_C4(pc4,1,2,3,4);
static _LIT_SECURITY_POLICY_C3(pc3,1,2,3);
static _LIT_SECURITY_POLICY_C2(pc2,1,2);
static _LIT_SECURITY_POLICY_C1(pc1,1);
test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
static _LIT_SECURITY_POLICY_S3(ps3,0x12345678,1,2,3);
static _LIT_SECURITY_POLICY_S2(ps2,0x12345678,1,2);
static _LIT_SECURITY_POLICY_S1(ps1,0x12345678,1);
static _LIT_SECURITY_POLICY_S0(ps0,0x12345678);
test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
static _LIT_SECURITY_POLICY_V3(pv3,0x12345678,1,2,3);
static _LIT_SECURITY_POLICY_V2(pv2,0x12345678,1,2);
static _LIT_SECURITY_POLICY_V1(pv1,0x12345678,1);
static _LIT_SECURITY_POLICY_V0(pv0,0x12345678);
test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
static _LIT_SECURITY_POLICY_FAIL(fail);
static _LIT_SECURITY_POLICY_PASS(pass);
test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
}
test.Next(_L("Macros for compile-time initialisation"));
{
const TStaticSecurityPolicy pc7 = _INIT_SECURITY_POLICY_C7(1,2,3,4,5,6,7);
const TStaticSecurityPolicy pc6 = _INIT_SECURITY_POLICY_C6(1,2,3,4,5,6);
const TStaticSecurityPolicy pc5 = _INIT_SECURITY_POLICY_C5(1,2,3,4,5);
const TStaticSecurityPolicy pc4 = _INIT_SECURITY_POLICY_C4(1,2,3,4);
const TStaticSecurityPolicy pc3 = _INIT_SECURITY_POLICY_C3(1,2,3);
const TStaticSecurityPolicy pc2 = _INIT_SECURITY_POLICY_C2(1,2);
const TStaticSecurityPolicy pc1 = _INIT_SECURITY_POLICY_C1(1);
test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
const TStaticSecurityPolicy ps3 = _INIT_SECURITY_POLICY_S3(0x12345678,1,2,3);
const TStaticSecurityPolicy ps2 = _INIT_SECURITY_POLICY_S2(0x12345678,1,2);
const TStaticSecurityPolicy ps1 = _INIT_SECURITY_POLICY_S1(0x12345678,1);
const TStaticSecurityPolicy ps0 = _INIT_SECURITY_POLICY_S0(0x12345678);
test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
const TStaticSecurityPolicy pv3 = _INIT_SECURITY_POLICY_V3(0x12345678,1,2,3);
const TStaticSecurityPolicy pv2 = _INIT_SECURITY_POLICY_V2(0x12345678,1,2);
const TStaticSecurityPolicy pv1 = _INIT_SECURITY_POLICY_V1(0x12345678,1);
const TStaticSecurityPolicy pv0 = _INIT_SECURITY_POLICY_V0(0x12345678);
test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
const TStaticSecurityPolicy fail = _INIT_SECURITY_POLICY_FAIL;
const TStaticSecurityPolicy pass = _INIT_SECURITY_POLICY_PASS;
test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
}
test.End();
}
#define CHECK_NAME(name) \
test(0==TPtrC8((TUint8*)#name).Compare(TPtrC8((TUint8*)CapabilityNames[ECapability##name])));
void TestCapabilityNames()
{
CHECK_NAME(TCB);
CHECK_NAME(CommDD);
CHECK_NAME(PowerMgmt);
CHECK_NAME(MultimediaDD);
CHECK_NAME(ReadDeviceData);
CHECK_NAME(WriteDeviceData);
CHECK_NAME(DRM);
CHECK_NAME(TrustedUI);
CHECK_NAME(ProtServ);
CHECK_NAME(DiskAdmin);
CHECK_NAME(NetworkControl);
CHECK_NAME(AllFiles);
CHECK_NAME(SwEvent);
CHECK_NAME(NetworkServices);
CHECK_NAME(LocalServices);
CHECK_NAME(ReadUserData);
CHECK_NAME(WriteUserData);
CHECK_NAME(Location);
CHECK_NAME(SurroundingsDD);
CHECK_NAME(UserEnvironment);
}
void TestKernelAPIs()
{
RLddTest ldd;
TInt r=User::LoadLogicalDevice(_L("D_SLDD.LDD"));
test(r==KErrNone || r==KErrAlreadyExists);
r=ldd.OpenLocal();
test(r==KErrNone);
RLddTest::TIds ids;
memclr(&ids,sizeof(ids));
ldd.GetIds(ids);
test.Printf(_L("Thread VID,SID = %08x,%08x\n\r"),ids.iThreadVID.iId,ids.iThreadSID.iId);
test.Printf(_L("Process VID,SID = %08x,%08x\n\r"),ids.iProcessVID.iId,ids.iProcessSID.iId);
test(ids.iThreadVID==KTestVendorId);
test(ids.iThreadSID==KTestSecureId);
test(ids.iProcessVID==KTestVendorId);
test(ids.iProcessSID==KTestSecureId);
// Test kernel-mode TSecurityInfo-getting APIs
TSecurityInfo infoProcess, infoThread;
ldd.GetSecureInfos(&infoThread, &infoProcess);
// Check the vendor & secure IDs are what's expected
test(infoThread.iVendorId==KTestVendorId);
test(infoThread.iSecureId==KTestSecureId);
test(infoProcess.iVendorId==KTestVendorId);
test(infoProcess.iSecureId==KTestSecureId);
// Check process caps == thread caps
TUint32* capsT = (TUint32*)&infoThread.iCaps;
TUint32* capsP = (TUint32*)&infoProcess.iCaps;
test(capsT[0]==capsP[0]);
test(capsT[1]==capsP[1]);
// Check the caps match what the user API gives
RProcess this_process;
for (TInt i=0 ; i<64 ; i++) {
TCapability cap = (TCapability)i;
test(infoProcess.iCaps.HasCapability(cap) == this_process.HasCapability(cap));
}
ldd.Close();
}
void TestPlatSecUnlocked()
{
RLddTest ldd;
TInt r = User::LoadLogicalDevice(_L("D_SLDD.LDD"));
test(r == KErrNone || r == KErrAlreadyExists);
r = ldd.OpenLocal();
test_KErrNone(r);
TUint32 flags0, flags;
TInt enforced;
flags0 = ldd.GetKernelConfigFlags();
const TUint32 bits = (TUint32)(EKernelConfigTest | EKernelConfigPlatSecEnforcement);
// Different test cases depending on whether __PLATSEC_UNLOCKED__ defined.
// Ask the kernel whether EKernelConfigPlatSecLocked is set, and hope that
// it's not lying to us!
//
// Best thing to do is to check the log and verify the printf() output.
//
if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
{
/*
* Tests for __PLATSEC_UNLOCKED__ not defined
*
* The device driver is built with __PLATSEC_FORCED_FLAGS__ set to 0, so we can't use
* its GetKernelConfigFlags() interface (the accessor functions are inlines) when we're
* testing for PlatSec locked. Instead, use PlatSec::ConfigSetting(), which makes an
* exec call to get iKernelConfigFlags.
*/
test.Printf(_L("__PLATSEC_UNLOCKED_ does NOT appear to have been used\n"));
/* Check that PlatSecEnforcement is set */
enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
test(enforced != 0);
/* Check that the device driver is able to set our test bit */
ldd.SetKernelConfigFlags(flags0 | EKernelConfigTest);
flags = ldd.GetKernelConfigFlags();
test((flags & EKernelConfigTest) == EKernelConfigTest);
/* Check that the device driver is able to clear our test bit, but not able to clear enforcement bit */
ldd.SetKernelConfigFlags(flags0 & ~bits);
enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
test(enforced != 0);
}
else
{
/*
* Tests for __PLATSEC_UNLOCKED__ defined
*/
test.Printf(_L("__PLATSEC_UNLOCKED_ DOES appear to have been used\n"));
/* Check that the device driver is able to set our test bit and PlatSecEnforcement */
ldd.SetKernelConfigFlags(flags0 | bits);
flags = ldd.GetKernelConfigFlags();
test((flags & bits) == bits);
/* And verify that the kernel sees the same result */
enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
test(enforced != 0); // (yes, "!= 0" is redundant)
/* Check that the device driver is able to clear our test bit and PlatSecEnforcement */
ldd.SetKernelConfigFlags(flags0 & ~bits);
flags = ldd.GetKernelConfigFlags();
test((flags & bits) == 0);
/* Verify that the kernel sees the same result */
enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
test(enforced == 0);
}
/* Restore original flags value */
ldd.SetKernelConfigFlags(flags0);
// Now test handling of iDisabledCapabilities
const TUint32 test_value = 0x31415926; // Just some random number
TCapabilitySet disabled0, disabled;
disabled0.SetDisabled();
SCapabilitySet *caps0 = (SCapabilitySet *)&disabled0;
SCapabilitySet *caps = (SCapabilitySet *)&disabled;
if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
{
/*
* Tests for __PLATSEC_UNLOCKED__ not defined
*/
/* Check that the capability set is 0 */
int i;
for (i = 0; i < SCapabilitySet::ENCapW; i++)
{
test_Equal(0, caps0->iCaps[i]);
}
/* Check that the device driver is not able to set word 0 of disabled capabilities */
ldd.SetDisabledCapabilities0(test_value);
/*
* It's okay to use SetDisabled() here, since this makes an exec call to get the
* set of disabled capabilities.
*/
disabled.SetDisabled();
test_Equal(0, caps->iCaps[0]);
}
else
{
/*
* Tests for __PLATSEC_UNLOCKED__ defined
*/
/* Check that the device driver is able to set word 0 of disabled capabilities */
ldd.SetDisabledCapabilities0(test_value);
disabled.SetDisabled();
test_Equal(test_value, caps->iCaps[0]);
}
/* Restore original value */
ldd.SetDisabledCapabilities0(caps0->iCaps[0]);
ldd.Close();
}
#include <e32svr.h>
GLDEF_C TInt E32Main()
{
PlatSecEnforcement = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
TBuf16<512> cmd;
User::CommandLine(cmd);
if(cmd.Length() && TChar(cmd[0]).IsDigit())
{
TInt function = -1;
TInt arg1 = -1;
TInt arg2 = -1;
TLex lex(cmd);
lex.Val(function);
lex.SkipSpace();
lex.Val(arg1);
lex.SkipSpace();
lex.Val(arg2);
return DoTestProcess(function,arg1,arg2);
}
test.Title();
if(PlatSecEnforcement)
test.Printf(_L("PlatSecConfig appears to be ON\n"));
else
test.Printf(_L("PlatSecConfig appears to be OFF\n"));
test.Start(_L("Starting test server"));
RTestProcess server;
TRequestStatus rendezvous;
server.Create(~KTestCapabilities,ETestProcessServer,0,0);
server.Rendezvous(rendezvous);
server.Resume();
User::WaitForRequest(rendezvous);
test(rendezvous==KServerRendezvous);
test.Next(_L("Openning server session"));
TInt r = Session.Connect();
RDebug::Print(_L("%d"),r);
test(r==KErrNone);
test.Next(_L("Test Capability Names"));
TestCapabilityNames();
test.Next(_L("Test TCapabilitySet"));
TestCapabilitySet();
test.Next(_L("Test TSecurityInfo"));
TestSecurityInfo();
test.Next(_L("Test SecureId functions"));
TestSecureId();
test.Next(_L("Test VendorId functions"));
TestVendorId();
test.Next(_L("Test HasCapability functions"));
TestHasCapability();
test.Next(_L("Test TSecurityPolicy"));
TestSecurityPolicy();
test.Next(_L("Test Kernel APIs"));
TestKernelAPIs();
test.Next(_L("Test __PLATSEC_UNLOCKED__"));
TestPlatSecUnlocked();
test.Next(_L("Test diagnostic message suppression"));
RThread().HasCapability(ECapabilityReadUserData,0);
test.Printf(_L("There should be a diagnostic message just before this\n"));
RThread().HasCapability(ECapabilityReadUserData,__PLATSEC_DIAGNOSTIC_STRING("You should see this"));
test.Printf(_L("There should be a diagnostic message just before this\n"));
RThread().HasCapability(ECapabilityReadUserData,KSuppressPlatSecDiagnostic);
test.Printf(_L("There should NOT be a diagnostic message just before this\n"));
test.Next(_L("Closing server session"));
Session.Send(CTestSession::EShutdown);
Session.Close();
server.Close();
test.End();
return(0);
}